This has to do with the Windows TCP/IP stack, affecting nearly all supported Windows . it has a CVSS score of 9.8, and poses a threat due to its remote code execution capability.
Some Details:
- Nature of the Vulnerability: CVE-2024-38063 is a “zero-click” exploit, “Attackers” can remotely send specially crafted IPv6 packets to target systems, allowing them to gain SYSTEM-level privileges,
- Affected Systems: The vulnerability impacts all Windows devices with IPv6 enabled,
- Recommendations: Microsoft has issued patches for all affected systems, disabling IPv6 where not required can serve as a temporary mitigation.
Given the nature of this flaw, organizations are urged to prioritize patching internet-facing systems and monitor for any suspicious IPv6 network traffic.
Leave a Reply